click me
Website is using Cloudflare
List name | Description |
---|---|
/domain/cloudflare_?.txt | Split files (base domain) |
ex_cloudflare_users.txt | Domains which used Cloudflare in the past, not anymore |
cloudflare_supporter.txt | who is using Cloudflare or endorsing Cloudflare. (URL only) |
List name | Description |
---|---|
cloudflare_CIDR_v4.txt | IPv4 CIDR owned by Cloudflare |
cloudflare_CIDR_v6.txt | IPv6 CIDR owned by Cloudflare |
cloudflare_range_v4.txt | IPv4 range owned by Cloudflare |
cloudflare_owned_ASN.txt | AS network owned by Cloudflare |
cloudflare_owned_NS.txt | Name Server owned by Cloudflare |
cloudflare_owned_domains.txt | Domains owned by Cloudflare |
cloudflare_owned_onions.txt | Tor .onions owned by Cloudflare |
cloudflare_members.txt | Cloudflare employer & employee |
How to detect Cloudflare?
There are many ways to detect it:
emsisoft.com. 21599 IN NS bella.ns.cloudflare.com.
emsisoft.com. 21599 IN NS dom.ns.cloudflare.com.
dev.qubes-os.org. 299 IN A 104.18.228.122
ASN AS13335 Cloudflare, Inc.
Organization Cloudflare, Inc.
Route 104.18.224.0/20
IMPORTANT: Please add only "Base Domain"
if "community.example.com" is using Cloudflare
add "example.com"
if "www.example.co.uk" is using Cloudflare
add "example.co.uk"
if "example.net" is using Cloudflare
add "example.net"
... to /split/cloudflare_e.txt
But the website X no longer using Cloudflare!
Are you sure? Remove it from /split/ list and add to "ex_cloudflare_users.txt".
click me
Website is NOT using Cloudflare
List name | Description |
---|---|
/domain/(cdnName).txt | Split files (FQDN) |
/cidr_data/?.txt | CIDR, ASN |
About "CDN FQDN list"
www.example.com
---> www.example.com is using CDN.
?.akamaiedge.net
---> subdomain of akamaiedge.net is using CDN.
* unique hostname will be masked as "?".
senate.gov
---> base domain is using CDN.
Some websites use other companies with the CloudFlare business model.
This is a collection of websites that ban Tor exits, other than through Cloudflare(e.g. showing access denied pages, systematic timing out connections, ...).
click me
Website is rejecting Tor visitor
List name | Description |
---|---|
/fqdn/anti_tor_fqdn.txt | Split files (FQDN) |
About "Anti-Tor FQDN list"
www.example.com
---> www.example.com denied/bullied Tor visitor.
?.akamaiedge.net
---> subdomain of akamaiedge.net is denied Tor user.
* unique hostname will be masked as "?".
senate.gov
---> base domain denied/harassed/challenged human who're using Tor.
If your website is on this list, you better talk with your network administrator.
But the website X no longer blocking Tor users!
Are you sure? There are two ways to remove yourself. First option is just remove it from the list and create a pull request. Second option is wait 1 year. We will revisit your website as a Tor user. If you're not blocking us, you will be removed.
If your website is using Cloudflare, there's a higher chance that we receive rejection webpage. Do not use cloudflare.
click me
How to add your data
A or B will be enough. Thank you for your contribution.
click me
How to setup git
This procedure will give you a stop_cloudflare fork with a privacy-respecting configuration to do pushes with SSH over Tor using git.openprivacy.ca("CDB"). This procedure is designed for linux. The first step covers Windows too, but these instructions probably need more adaptations for Windows and other platforms.
aptitude install git tor ssh
https://github.com/git-for-windows/git/releases/PortableGit-2.21.0-64-bit.7z
& run git-bash.exe
git.openprivacy.ca
account (username "snowden" will be used for this example)$ ssh-keygen -t rsa -N '' -C 'snowden at codeberg' -f "$HOME"/.ssh/id_rsa_codeberg-snowden
edit $HOME/.ssh/config
:
host git.openprivacy.ca
hostname git.openprivacy.ca
ForwardX11 no
ProxyCommand connect -4 -S 127.0.0.1:9050 $(tor-resolve %h 127.0.0.1:9050) %p
host codeberg-snowden
IdentityFile /home/user/.ssh/id_rsa_codeberg-snowden
copy "$HOME"/.ssh/id_rsa_codeberg-snowden.pub
to clipboard
codeberg.org > settings > SSH/GPG Keys > add key (paste from clipboard)
$ firefox https://codeberg.org/crimeflare/cloudflare-tor
fork it (top right corner)
go to the directory you want the project to be rooted in (hereafter we'll call it $project_root
).
anonymously download your fork: $ git clone git@codeberg-snowden:crimeflare/cloudflare-tor.git
edit $project_root/cloudflare-tor/.git/config
to include the account name and email address that will be on every commit, as well as the URL:
[user]
email = BM-yadayadayada6fgnLfybVnCcWf25AGZcgg@bitmessage.ch
name = snowden
[remote "origin"]
url = git@codeberg-snowden:snowden/cloudflare-tor.git
fetch = +refs/heads/*:refs/remotes/origin/*
[remote "upstream"]
url = git@codeberg-snowden:crimeflare/cloudflare-tor.git
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
remote = origin
merge = refs/heads/master
make your first change
(from $project_root
) $ git add . -u -n
check that the files listed are what you changed and intend to push upstream
if yes: $ git add . -u
$ git commit -m 'description of first change'
$ git push origin master
$ firefox https://codeberg.org/crimeflare/cloudflare-tor
make a new pull request
Whenever git operates on the cloudflare-tor project, all connections
to codeberg are automatically over Tor with this configuration
(because the url
in .git/config
references the virtual host
codeberg-snowden
in ~/.ssh/config
).
click me
About Cloudflare base domain list
Our mission is clear - stay away from Cloudflare
.
If the subdomain.example.com
is cloudflared, we add example.com
to the database. (subdomain.example.com
is the sub-domain of example.com
. Only the owner
of example.com
can create sub-domain)
Even if whatever.example.com
is not behind cloudflare we will raise a warning, because the base domain example.com
is cloudflare user
.
The owner
of example.com
can enable Cloudflare to whatever.example.com
at any time without user's notice. It can be done from dash.cloudflare.com
webpage or hitting Cloudflare API
. The owner
is supporting Cloudflare
and this is severe security risk
.
Until the owner
completely stop using Cloudflare service for example.com
, we do not remove example.com
from the database.
There is no exception
.
"Amazon.com"
$ getweb --headonly https://pages.payments.amazon.com/robots.txt
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
alt-svc: h2="cflare******.onion:443"; ma=86400; persist=1
server: cloudflare
cf-ray: XXXXXXXXXXX-YYY
If the owner
moved away from cloudflare
completely, you are welcome to add example.com
to the "ex_cloudflare_users.txt" - after checking example.com
with online tool below.
Open "Is MITM?" webpage.
Input gitlab.com
and click Skanu
.
Click testo
for detailed scan.
If you got ---Finish---
, the domain might stopped using Cloudflare. We'll investigate and remove it - or not. (wait some days and scan again to see whether the domain is removed)
Only a few Cloudflare user leave Cloudflare. False positive is uncommon.